From erodrig...@apache.org
Subject svn commit: r535672 - in /directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption: EncryptionEngine.java KeyUsage.java
Date Sun, 06 May 2007 23:13:21 GMT
Author: erodriguez
Date: Sun May  6 16:13:20 2007
New Revision: 535672

URL: http://svn.apache.org/viewvc?view=rev&rev=535672
Log:
Updated crypto subsystem to support "key usage," required by new encryption types.

Added:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java
  (with props)
Modified:
    directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java

Modified: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java?view=diff&rev=535672&r1=535671&r2=535672
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
(original)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/EncryptionEngine.java
Sun May  6 16:13:20 2007
@@ -33,31 +33,14 @@
  */
 public abstract class EncryptionEngine
 {
-    /**
-     * The "well-known constant" used for the DK function is the key
-     * usage number, expressed as four octets in big-endian order,
-     * followed by one octet indicated below.
-     * 
-     *  Kc = DK(base-key, usage | 0x99);
-     *  Ke = DK(base-key, usage | 0xAA);
-     *  Ki = DK(base-key, usage | 0x55);
-     */
-    protected static final byte[] usageKc =
-        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x99 };
-
-    protected static final byte[] usageKe =
-        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0xaa };
-
-    protected static final byte[] usageKi =
-        { ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x00, ( byte ) 0x01, ( byte ) 0x55 };
-
     private static final SecureRandom random = new SecureRandom();
 
 
-    protected abstract byte[] getDecryptedData( EncryptionKey key, EncryptedData data ) throws
KerberosException;
+    protected abstract byte[] getDecryptedData( EncryptionKey key, EncryptedData data, KeyUsage
usage )
+        throws KerberosException;
 
 
-    protected abstract EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText
);
+    protected abstract EncryptedData getEncryptedData( EncryptionKey key, byte[] plainText,
KeyUsage usage );
 
 
     protected abstract EncryptionType getEncryptionType();
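Review bot: The new `KeyUsage usage` parameter on `getDecryptedData` and `getEncryptedData` (and on `calculateIntegrity` in the next hunk) carries no Javadoc, so an implementor cannot tell from the abstract interface whether the usage number is informational or must feed key derivation. Given the `getUsageKc`/`getUsageKe`/`getUsageKi` helpers added later in this file, the intent appears to be the latter, and each abstract method should say so, e.g. `@param usage the RFC 3961 key usage number; implementations derive the per-message key from it rather than using the base key directly`. A `@throws KerberosException` line on `getDecryptedData` stating when decryption or integrity checking fails would complete the contract.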
@@ -75,7 +58,7 @@
     protected abstract byte[] decrypt( byte[] cipherText, byte[] key );
 
 
-    protected abstract byte[] calculateIntegrity( byte[] plainText, byte[] key );
+    protected abstract byte[] calculateIntegrity( byte[] plainText, byte[] key, KeyUsage
usage );
 
 
     protected byte[] deriveRandom( byte[] key, byte[] usage, int n, int k )
@@ -221,5 +204,57 @@
         oldByte = ( byte ) ( ( ( 0xFF7F >> posBit ) & oldByte ) & 0x00FF );
         byte newByte = ( byte ) ( ( val << ( 8 - ( posBit + 1 ) ) ) | oldByte );
         data[posByte] = newByte;
+    }
+
+
+    /**
+     * The "well-known constant" used for the DK function is the key
+     * usage number, expressed as four octets in big-endian order,
+     * followed by one octet indicated below.
+     * 
+     *  Kc = DK(base-key, usage | 0x99);
+     */
+    protected byte[] getUsageKc( KeyUsage usage )
+    {
+        return getUsage( usage.getOrdinal(), ( byte ) 0x99 );
+    }
+
+
+    /**
+     * The "well-known constant" used for the DK function is the key
+     * usage number, expressed as four octets in big-endian order,
+     * followed by one octet indicated below.
+     * 
+     *  Ke = DK(base-key, usage | 0xAA);
+     */
+    protected byte[] getUsageKe( KeyUsage usage )
+    {
+        return getUsage( usage.getOrdinal(), ( byte ) 0xAA );
+    }
+
+
+    /**
+     * The "well-known constant" used for the DK function is the key
+     * usage number, expressed as four octets in big-endian order,
+     * followed by one octet indicated below.
+     * 
+     *  Ki = DK(base-key, usage | 0x55);
+     */
+    protected byte[] getUsageKi( KeyUsage usage )
+    {
+        return getUsage( usage.getOrdinal(), ( byte ) 0x55 );
+    }
+
+
+    private byte[] getUsage( int usage, byte constant )
+    {
+        byte[] bytes = new byte[5];
+        bytes[0] = ( byte ) ( ( usage >>> 24 ) & 0x000000FF );
+        bytes[1] = ( byte ) ( ( usage >> 16 ) & 0x000000FF );
+        bytes[2] = ( byte ) ( ( usage >> 8 ) & 0x000000FF );
+        bytes[3] = ( byte ) ( usage & 0x00FF );
+        bytes[4] = constant;
+
+        return bytes;
     }
 }
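Review bot: `getUsage` shifts the top byte with `>>>` but the next two with `>>`, and masks three of the four bytes with `0x000000FF` but the last with `0x00FF`; the masks make the result identical either way, yet the inconsistency invites a copy-paste slip in code whose output is a key-derivation constant. One shift operator and one mask throughout reads as a single intent: `bytes[1] = ( byte ) ( ( usage >>> 16 ) & 0xFF );`, `bytes[2] = ( byte ) ( ( usage >>> 8 ) & 0xFF );`, `bytes[3] = ( byte ) ( usage & 0xFF );`. The three `getUsageK*` wrappers repeat the same four-line Javadoc; the shared explanation of the well-known constant belongs on `getUsage`, with each wrapper's comment reduced to the octet it appends, and since none of the four methods touches instance state they could be `static`. The method whose closing lines open this hunk starts outside it.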

Added: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java?view=auto&rev=535672
==============================================================================
--- directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java
(added)
+++ directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java
Sun May  6 16:13:20 2007
@@ -0,0 +1,191 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.kerberos.shared.crypto.encryption;
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+
+/**
+ * From RFC 4120, "The Kerberos Network Authentication Service (V5)":
+ * 
+ * 7.5.1.  Key Usage Numbers
+ * 
+ * The encryption and checksum specifications in [RFC3961] require as
+ * input a "key usage number", to alter the encryption key used in any
+ * specific message in order to make certain types of cryptographic
+ * attack more difficult.  These are the key usage values assigned in
+ * [RFC 4120]:
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev$, $Date$
+ */
+public final class KeyUsage implements Comparable
+{
+    /**
+     * AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key (Section 5.2.7.2)
+     */
+    public static final KeyUsage NUMBER1 = new KeyUsage( 1,
+        "AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key" );
+
+    /**
+     * AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session
key), encrypted with the service key (Section 5.3)
+     */
+    public static final KeyUsage NUMBER2 = new KeyUsage(
+        2,
+        "AS-REP Ticket and TGS-REP Ticket (includes TGS session key or application session
key), encrypted with the service key" );
+
+    /**
+     * AS-REP encrypted part (includes TGS session key or application session key), encrypted
with the client key (Section 5.4.2)
+     */
+    public static final KeyUsage NUMBER3 = new KeyUsage( 3,
+        "AS-REP encrypted part (includes TGS session key or application session key), encrypted
with the client key" );
+
+    /**
+     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key (Section
5.4.1)
+     */
+    public static final KeyUsage NUMBER4 = new KeyUsage( 4,
+        "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS session key" );
+
+    /**
+     * TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey
(Section 5.4.1)
+     */
+    public static final KeyUsage NUMBER5 = new KeyUsage( 5,
+        "TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the TGS authenticator subkey"
);
+
+    /**
+     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session key
(Section 5.5.1)
+     */
+    public static final KeyUsage NUMBER6 = new KeyUsage( 6,
+        "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the TGS session
key" );
+
+    /**
+     * TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey),
encrypted with the TGS session key (Section 5.5.1)
+     */
+    public static final KeyUsage NUMBER7 = new KeyUsage(
+        7,
+        "TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes TGS authenticator subkey),
encrypted with the TGS session key" );
+
+    /**
+     * TGS-REP encrypted part (includes application session key), encrypted with the TGS
session key (Section 5.4.2)
+     */
+    public static final KeyUsage NUMBER8 = new KeyUsage( 8,
+        "TGS-REP encrypted part (includes application session key), encrypted with the TGS
session key" );
+
+    /**
+     * TGS-REP encrypted part (includes application session key), encrypted with the TGS
authenticator subkey (Section 5.4.2)
+     */
+    public static final KeyUsage NUMBER9 = new KeyUsage( 9,
+        "TGS-REP encrypted part (includes application session key), encrypted with the TGS
authenticator subkey" );
+
+    /**
+     * AP-REQ Authenticator cksum, keyed with the application session key (Section 5.5.1)
+     */
+    public static final KeyUsage NUMBER10 = new KeyUsage( 10,
+        "AP-REQ Authenticator cksum, keyed with the application session key" );
+
+    /**
+     * AP-REQ Authenticator (includes application authenticator subkey), encrypted with the
application session key (Section 5.5.1)
+     */
+    public static final KeyUsage NUMBER11 = new KeyUsage( 11,
+        "AP-REQ Authenticator (includes application authenticator subkey), encrypted with
the application session key" );
+
+    /**
+     * AP-REP encrypted part (includes application session subkey), encrypted with the application
session key (Section 5.5.2)
+     */
+    public static final KeyUsage NUMBER12 = new KeyUsage( 12,
+        "AP-REP encrypted part (includes application session subkey), encrypted with the
application session key" );
+
+    /**
+     * KRB-PRIV encrypted part, encrypted with a key chosen by the application (Section 5.7.1)
+     */
+    public static final KeyUsage NUMBER13 = new KeyUsage( 13,
+        "KRB-PRIV encrypted part, encrypted with a key chosen by the application" );
+
+    /**
+     * These two lines are all that's necessary to export a List of VALUES.
+     */
+    private static final KeyUsage[] values =
+        { NUMBER1, NUMBER2, NUMBER3, NUMBER4, NUMBER5, NUMBER6, NUMBER7, NUMBER8, NUMBER9,
NUMBER10, NUMBER11,
+            NUMBER12, NUMBER13 };
+
+    /**
+     * VALUES needs to be located here, otherwise illegal forward reference.
+     */
+    public static final List VALUES = Collections.unmodifiableList( Arrays.asList( values
) );
+
+    private final int ordinal;
+    private final String name;
+
+
+    /**
+     * Private constructor prevents construction outside of this class.
+     */
+    private KeyUsage( int ordinal, String name )
+    {
+        this.ordinal = ordinal;
+        this.name = name;
+    }
+
+
+    /**
+     * Returns the key usage number type when specified by its ordinal.
+     *
+     * @param type
+     * @return The key usage number type.
+     */
+    public static KeyUsage getTypeByOrdinal( int type )
+    {
+        for ( int ii = 0; ii < values.length; ii++ )
+        {
+            if ( values[ii].ordinal == type )
+            {
+                return values[ii];
+            }
+        }
+
+        return NUMBER1;
+    }
+
+
+    /**
+     * Returns the number associated with this key usage number.
+     *
+     * @return The key usage number
+     */
+    public int getOrdinal()
+    {
+        return ordinal;
+    }
+
+
+    public int compareTo( Object that )
+    {
+        return ordinal - ( ( KeyUsage ) that ).ordinal;
+    }
+
+
+    public String toString()
+    {
+        return name + " (" + ordinal + ")";
+    }
+}
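Review bot: `getTypeByOrdinal` falls through to `return NUMBER1;` for any ordinal it does not recognise, so a message carrying an unassigned or mistyped usage number would be processed with the key derived for usage 1 instead of being rejected, which undermines the per-usage key separation this type exists to enforce. An unknown usage number is a caller error and should fail loudly: `throw new IllegalArgumentException( "Unknown key usage number: " + type );`. `compareTo` subtracts ordinals, which cannot overflow for the values defined here but would if a caller ever compared against a large reserved number; a three-way comparison is the safer idiom, and the raw `Comparable`/`List` types could be parameterised if the project's target Java level allows generics. The class Javadoc ends its RFC 4120 sentence with a colon and then stops; it should state that only usage numbers 1 through 13 are modelled, since RFC 4120 §7.5.1 also assigns later values (for example 14 for KRB-CRED and 15 for the KRB-SAFE checksum) that this class cannot represent.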

Propchange: directory/apacheds/branches/kerberos-encryption-types/kerberos-shared/src/main/java/org/apache/directory/server/kerberos/shared/crypto/encryption/KeyUsage.java
------------------------------------------------------------------------------
    svn:eol-style = native


